Migrating to GCP? First Things First: VPCs

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
STEPHANIE WONG: For an on-prem developer looking to migrate to the cloud, one of the first things you have a need for is to set up a network. But there are some key differences between your traditional on-prem network setup and the cloud's software-defined networks or virtual private clouds. In this episode of GCP Networking End-to-End, I'll be covering what a VPC is, how it differs on Google Cloud Platform, and how to set one up. Stay tuned. [MUSIC PLAYING] A VPC stands for Virtual Private Cloud, and is a private, isolated virtual network partition that provides managed networking functionality for your Google Cloud Platform-- GCP-- resources. You can think of a VPC as a virtual version of your traditional physical network. It lets you set up private communication between your virtual machines and the cloud, including firewall rules and routing, so that you're protected from external and unwanted access and limit public exposure of your instances. In a traditional VPC, the scope is usually bound to a geographic region, like US West versus US East, and all the work and communication between VMs in that region are expected to stay contained. If you want to move beyond that, connect workloads across regions, you need to somehow have a way to provide for private connectivity to ensure your workloads aren't compromised, which usually means leveraging a VPN connection across public IPs of the regions. While this seems fine in theory, in practice, the overhead and costs associated with your deployment grows with each new region that must be added. Imagine scaling to hundreds of projects with massive numbers of VPNs and VPN gateways to stitch together. On top of that, you have to add multiple routers in each VPC and use them across VPN tunnels to provide dynamic advertisements or BGP sessions for your subnets. Subnets is just a fancy way of saying an IP segment in a VPC, while BGP is the protocol that helps route traffic to subnets. Now you have a sprawl of many routers and BGP sessions you're managing. Now while a task can be easily automated, network management can still include the responsibilities of coordinating policies that cross multiple admin domains, teams, and resources like organization, security, projects, networks, and endpoints. This might be fine if your company needs complete isolation between VMs in different regions. But if you're like most companies who want to distribute your workloads across regions and reduce latency when traversing the public internet, you'll want those VMs to be able to communicate across a private network. This is where Google Cloud Global VPC comes into play. A single Google Cloud VPC can span multiple regions without communicating across the public internet. It provides the same private gateways for your on-prem hardware, but also gives you global scope between regions, sharable configuration between your projects, and near-real-time logging to monitor your application. It also lets you increase the IP space of any subnet without any workload shutdown or downtime, not to mention a full suite of support services, like shared VPC, Cloud Router, firewall support, VPC peering, and an industrial-strength VPN. But I'll get to all of that in a later episode. Now, the really cool thing about GCP's VPC system is that it allows your VMs to communicate across regions without needing the extra overhead of VPNs to do so. This is all done using the same global underlying network that powers search, YouTube, and Gmail. This means that Google handles your traffic under the hood by dynamically advertising routes across the VPC, so you don't have to. Google Cloud VPC is ideal for situations where you're hosting globally distributed multi-tier applications by creating a VPC with subnets, or connecting GCP-hosted or externally hosted databases to Google's unique machine learning services by creating a VPC with subnets and VPN access, or even disaster recovery with application replication, create backup GCP compute capacity, then revert back to it once the incident is over. As such, using GCP VPC means that you have a simplified network with a single global VPC with regional segmentation, meaning fewer VPNs and routers. You have simplified management. A single security policy can be applied globally. There are fewer network constructs to break and troubleshoot. With that in mind, let's do a quick walk-through of how to set up a VPC for your existing on-prem config using the Google VPC. First, go to the VPC Networks page in the Google Cloud Platform console. Now you see we have a default VPC with subnets in each region created. In a true hybrid setup, it's common to get rid of the default VPC, as you already have an on-premise network with an IP address scheme setup, which means the default VPC might have overlapping IP ranges. Click Create VPC Network, enter a name for the network. We'll choose Automatic for the subnet creation mode for now. Now for this example, Auto mode is an ideal situation for us since it makes setup easier. When using Auto mode, the VPC will create a subnet automatically-- again, a fancy way of saying a block of IP addresses for a region-- where the subnet IP falls within predefined IP ranges so that we don't have to do the math ourselves. Again, you can select Custom to avoid overlapping IP ranges to your on-prem network. Note also that I didn't create VPC in a region. It's global. But you do select region for a subnet. Now, in the Firewall Rules section, you can select one or more predefined firewall rules that address common use cases for connectivity to VMs. Likewise, you can create your own rules, or use none if you like to roll the dice on security. We'll be covering more on firewall rules in a later episode. Again, for simplicity's sake, we'll choose the dynamic routing mode for the VPC network, and then we click Create. Now to test if our VPC network is working properly, we're going to create a new instance in a region, and then ping it to see what its IP address is. Let's go to the Compute Engine tab, and create an instance. Now I'm going to leave all this as default for the sake of brevity. The important thing is down under Show More and the Network tab. We click Network and change it from Default to vpc1, which you can see changes the subnetwork. Let's click Create. And once it's spun up, you can see that it's internal IP address matches that of what our subnet was. Even with increasingly complex networks and workloads, you can map your on-premise network topologies in Google Cloud. Stay tuned for the next piece. And remember, optimizing your network means freeing up your bandwidth. [MUSIC PLAYING]
Info
Channel: Google Cloud Tech
Views: 84,956
Rating: 4.8885989 out of 5
Keywords: What is a VPC, How to set up the Google Cloud VPC, virtual private cloud, migrating to the cloud, network, VM, VPN, reduce latency, private network, Google Cloud global VPC, on prem, shareable configurations, real time logging, shared VPC, firewall support, multi tier application, GCP technology, GCP services, globally, Cloud developer, GDS: Yes;
Id: cNb7xKyya5c
Channel Id: undefined
Length: 7min 25sec (445 seconds)
Published: Wed Feb 20 2019
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.